Historically there have been two separate forms, one for user creation and
another one dedicated to changing/resetting a users password. This was
flawed for long, because password change attempts on non-existing users
created them silently bypassing all the checks normally enforced on user
creation.

At one bright day we may have something more flexible and powerful like classSessionAttributeProvider in UserManagerPlugin, but for now just avoid future
code duplication by creating a generic function.

DELETE SQL statement modifications are disputable, since code is obviously
somewhat harder to understand. But I prefer the reusable SQL string over
the much more verbose form with (currently three) similar statements, that
would get even bigger with multi-line formatting as done anywhere else now.